104 days later, GitHub has finally patched the flaw. The flaw surrounded GitHubs workflow commands functionality, which is the community between the Action Runner and executed actions. Its part of GitHubs Actions feature. Googles Project Zero claimed the feature is fundamentally insecure, and the member of the group who reported the flaw, Felix Wilhelm, offered up 2 possible solutions, one being a short term fix, and one being a long term fix. It appears that GitHub has taken up the short term...

Read the full article at WinBeta

Wingeek Icon
More Developer News